Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and
more. It reduces bandwidth and improves response times by caching and
reusing frequently-requested web pages. Squid has extensive access
controls and makes a great server accelerator. It runs on most
available operating systems, including Windows, and is licensed under
the GNU GPL.

DansGuardian is an award-winning Open Source web content filter which
currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX,
and Solaris. It filters the actual content of pages based on many
methods including phrase matching, PICS filtering and URL
filtering. It does not purely filter based on a banned list of sites
like lesser totally commercial filters.

Once the installation of Squid is over, you should see something
similar to the following:

===> post-installation information for squid-2.7.9_1:
o You can find the configuration files for this package in the
directory /usr/local/etc/squid.
o The default cache directory is /var/squid/cache.
The default log directory is /var/squid/logs.
Note:
You must initialize new cache directories before you can start
squid. Do this by running "squid -z" as 'root' or 'squid'.
If your cache directories are already initialized (e.g. after an
upgrade of squid) you do not need to initialize them again.
o The default configuration will deny everyone but local networks
as defined in RFC 1918 access to the proxy service.
Edit the "http_access allow/deny" directives in
/usr/local/etc/squid/squid.conf to suit your needs.
To enable Squid, set squid_enable=yes in either
/etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
Please see /usr/local/etc/rc.d/squid for further details.
Note:
If you just updated your Squid installation from 2.6 or earlier,
make sure to check your Squid configuration against the 2.7 default
configuration file /usr/local/etc/squid/squid.conf.default.
Additionally, you should check your configuration by calling
'squid -f /path/to/squid.conf -k parse' before starting Squid.
===> Compressing manual pages for squid-2.7.9_1
===> Registering installation for squid-2.7.9_1
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/squid
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/squid
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://www.squid-cache.org/
===> Cleaning for squid-2.7.9_1

Configuration of Squid

Open the /usr/local/etc/squid/squid.conf file for editing and make the
necessary changes. Most options are self-explanatory.

Below you will find a fully working squid.conf file. Please consult
the Squid man pages and the example
/usr/local/etc/squid/squid.conf.default file for more information
about the different options - the file is pretty well documented.
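
The post-installation notes point to the http_access directives as the
place where proxy access is decided, with a default that denies everyone
outside the RFC 1918 networks. The script below is an added example, not
part of the handbook or of Squid: it reports the first http_access rule
that lets every client in. The function name audit_http_access, the
sample ACL names and the treatment of an ACL called "all" as matching
every source are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the handbook): report the first http_access rule
# in a squid.conf that allows every client, i.e. an open proxy.
# Assumption: an ACL named "all" matches every source address.

audit_http_access() {
    awk '
    BEGIN { wide["all"] = 1 }
    { sub(/#.*/, "") }                 # drop comments
    NF == 0 { next }
    # Remember ACLs whose source list covers the whole address space.
    $1 == "acl" && $3 == "src" {
        for (i = 4; i <= NF; i++)
            if ($i == "all" || $i ~ /^0\.0\.0\.0\/0/) wide[$2] = 1
        next
    }
    # Squid stops at the first matching http_access rule, so only rules
    # seen before the first catch-all rule matter.
    $1 == "http_access" && !closed {
        everyone = (NF >= 3)
        for (i = 3; i <= NF; i++) if (!($i in wide)) everyone = 0
        if (everyone) {
            closed = 1
            if ($2 == "allow") { print FILENAME ":" NR ": " $0; bad = 1 }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the local-network rule is fine, "allow anyone" is not.
sample=$(mktemp /tmp/squid-audit.XXXXXX)
cat > "$sample" <<'EOF'
acl all src all
acl localnet src 10.0.0.0/8 192.168.0.0/16
acl anyone src 0.0.0.0/0
http_access allow localnet
http_access allow anyone      # exposes the proxy to the Internet
http_access deny all
EOF
audit_http_access "$sample" || echo "open-proxy rule found"
rm -f "$sample"
```

Run it as audit_http_access /usr/local/etc/squid/squid.conf; a non-zero
exit status means such a rule was found.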

Starting Squid

The first thing we need to do before starting Squid is to check our
configuration for errors:

$ sudo squid -f /usr/local/etc/squid/squid.conf -k parse

If everything is OK, we can proceed; otherwise you will need to check
your squid.conf file and fix the reported errors.

Now we need to initialize the cache directories of Squid. To do this
simply execute the command below:

$ sudo squid -z

NOTE: If you are doing an upgrade of Squid you do not need to
initialize the cache directories as they should be initialized
already.

And now let’s start Squid:

$ sudo /usr/local/etc/rc.d/squid start

If you have followed the handbook up to this step, you should have a
fully working Squid transparent proxy server.

In the next chapters of this handbook we will have a look at
DansGuardian and how to integrate it with Squid.

In this chapter of the handbook we will cover the installation and
basic configuration of DansGuardian.

Installing DansGuardian

In order to install DansGuardian on your FreeBSD system you will first
need to fetch the distribution tarball from the DansGuardian web site
and place it in your /usr/ports/distfiles directory.

Once you have done that, we can continue with the installation of
DansGuardian using the FreeBSD Ports Collection.

$ cd /usr/ports/www/dansguardian && sudo make install clean

Once the installation of DansGuardian is over, you should see something
similar to the following:

===> Installing rc.d startup script(s)
===> Please Note:
*******************************************************************************
This port has created a log file named dansguardian.log that can get
quite large. Please read the newsyslog(8) man page for instructions
on configuring log rotation and compression.
This port has been converted to the new RC framework and should work
correctly via rcorder. Please read the comments in the startup script
for instructions on enabling the daemon.
WITH_CLAMAV, WITH_ICAP, WITH_KASP, WITH_NTLM are all experimental
options that I am not currently able to test. Let me know how these
work (or not) for you. (Patches always welcome.)
*******************************************************************************
===> Compressing manual pages for dansguardian-2.10.1.1_1
===> Registering installation for dansguardian-2.10.1.1_1
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/dansguardian
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/dansguardian
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://dansguardian.org
===> Cleaning for dansguardian-2.10.1.1_1

Now that DansGuardian has been installed, we can continue with its
configuration in the next chapter of the handbook.

Configuration of DansGuardian

In this section we only cover the basic configuration of
DansGuardian.

The main DansGuardian configuration file resides in
/usr/local/etc/dansguardian/dansguardian.conf. The file is pretty
well documented and in this handbook we will only change a few options
in order to match our setup.

So open the /usr/local/etc/dansguardian/dansguardian.conf file for
editing and make the needed changes.

Enabling DansGuardian during boot-time

In order to enable DansGuardian during boot-time add the following
lines to your /etc/rc.conf file:

# Enable DansGuardian
dansguardian_enable="YES"

Firewall configuration in PF for DansGuardian

In the Squid configuration chapter of this handbook we modified our
/etc/pf.conf file for the transparent proxy. In this chapter we will
modify /etc/pf.conf again, so that all HTTP requests go through
DansGuardian instead.

Below is an example configuration of /etc/pf.conf file for our
Squid and DansGuardian setup: